package com.zzz.springsecuritystudy.controller;

import com.zzz.springsecuritystudy.annotation.AnonymousAccess;
import com.zzz.springsecuritystudy.entity.AuthUserDto;
import com.zzz.springsecuritystudy.entity.ResponseResult;
import com.zzz.springsecuritystudy.service.AuthServiceImpl;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;

import javax.annotation.Resource;
import java.util.Map;

/**
 * @author zhuzhizun
 * @date 2021/9/15
 */
@RestController
@Slf4j
@RequestMapping("/auth")
public class AuthController {



    @Resource
    private AuthServiceImpl authServiceImpl;

    @PostMapping("/login")
    @AnonymousAccess
    public ResponseResult<Map<String, Object>> login(@RequestBody AuthUserDto authUser){
        Map<String, Object> map = authServiceImpl.login(authUser);
        return new ResponseResult<>(200,"ok",map);
    }

    // 登录就可以访问
    @GetMapping(value = "/info")
    public String getUserInfo() {
        return "user----------info";
    }

    // 必须要有两种角色中的一种
    @GetMapping(value = "/role")
    @PreAuthorize("hasAnyRole('admin','common')")
    public String getUserRole() {
        return "user----------role";
    }

    // 又admin角色
    @GetMapping(value = "/list")
    @PreAuthorize("hasRole('admin')")
    public String getUserList() {
        return "user----------list";
    }

    // admin 和 user 角色都要有
    @GetMapping(value = "/user")
    @PreAuthorize("hasRole('admin') and  hasRole('user')")
    public String getUserList2() {
        return "admin-----user----------list";
    }

}
